In accordance with the Turkish Law on Protection of Personal Data no. 6698 and General Data Protection Regulation, everyone is entitled to demand the protection of personal data concerning them. This right includes informing, accessing, requesting correction or deletion of personal data about a person and learning whether they are used for their purposes.
We would like to inform you in detail about the protection of your personal data in accordance with the Turkish Law on Protection of Personal Data no. 6698 and General Data Protection Regulation, the manner in which your personal data is received, the purposes for which it is processed, the legal reasons and our mutual rights and obligations.
With this Policy; Clients, Employee Candidates, Real Person Subcontractors, Legal Person Subcontractor’s Employees, Employees, Workplace Doctor, Visitors, Employees, Shareholder and Authorities of the Companies that we cooperate with and the third parties are aimed to be protected. The Company’s employees are managed under the Policy on Protection of Personal Data, which is written in line with the principles in this Policy on the protection of personal data of our employees.
If there is a conflict between the Turkish Law on Protection of Personal Data no. 6698 and General Data Protection Regulation and other relevant legislation, and the Company’s Policy on Protection of Personal Data, the legislation and the Turkish Law on Protection of Personal Data no. 6698 and General Data Protection Regulation in force shall be applied.
Purposes for Processing of Your Personal Data
AKKOM MÜHENDİSLİK İNŞAAT TEKSTİL TURİZM SANAYİ VE TİCARET A.Ş. (‘’Company’’) prepared this Policy on Protection of Personal Data in order to protect the fundamental rights and freedoms of individuals, especially the privacy of individuals in the processing of personal data.
The Policy is intended to continue and develop the activities carried out by the Company in accordance with the principles of the Turkish Law on Protection of Personal Data no. 6698 and General Data Protection Regulation and to inform the owners of personal data.
Data subjects whose personal data are processed within the scope of this Policy are categorized as follows:
General Principles Regarding the Processing of Personal Data
Pursuant to the article 4/2 of the GDPR, the processing of personal data contains any operation performed upon personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automatic means or provided that the process is a part of any data registry system, through non-automatic means.
Personal data may only be processed in compliance with the principles as follows:
Lawfulness, transparency and conformity with rules of bona fides: Our Company conducts its personal data processing activities in accordance with rules of bona fides and law within the scope of GDPR.
Accuracy and being up to date, where necessary: Our Company carries out all kinds of administrative and technical measures to ensure that personal data are accurate and up to date during processing.
Being processed for specific, explicit and legitimate purposes: Before starting the processing of personal data, our Company determines its legitimate purpose for processing personal data precisely and explicitly within the framework of the informative document.
Being relevant with, limited to and proportionate to the purposes for which they are processed: Personal data are processed by our Company as necessary to achieve the specified purposes. Data processing is not carried out on the assumption that the data may be used later.
Being retained for the period of time stipulated by relevant legislation or the purpose for which they are processed: Our Company retains personal data for a limited period of time as required by the GDPR and related legislation or for purposes related to data processing.
Being processed in a manner that ensures appropriate security of the personal data: Our Company ensures appropriate security of the personal data that it processes.
Conditions of Personal Data Collection
Personal data and Special Categories of Personal Data can be processed and transmitted with explicit consent of data subject or without any explicit consent in the conditions specified in Articles 6 and 7 and 9 of the GDPR.
Processing of Personal Data
As a rule, our Company processes your personal data based on your explicit consent. However, we conduct personal data processing without seeking your explicit consent in accordance with the data processing conditions specified in Article 6 of the GDPR:
- It is explicitly stipulated in the law,
- It is compulsory for the protection of the life or body integrity of the person or someone else who is unable to disclose his consent due to the impossibility or whose consent is not granted legal validity,
- Provided that any contract between the data owner and the Company is directly related to the establishment or performance of the contract, the processing of personal data is required,
- It is compulsory to fulfil the legal obligations,
- The data owner has been publicized by himself,
- Data processing is mandatory for the establishment, use or protection of a right,
- The processing of data for the legitimate interests of the Company is mandatory, without prejudice to the fundamental rights and freedoms of the data holder.
Processing of Special Categories of Personal Data
Our Company conducts the processing of personal data which is considered to be of a special nature, which carries the risk of discrimination when processed unlawfully, in accordance with the data processing conditions set forth in Article 9 of the GDPR. It is forbidden to process personal data of a Special Categories of Personal Data without the express consent of the data owner. However, Special Categories of Personal Data may be processed even if the data owner does not have explicit consent in the following cases:
Processing of Personal Health Data
Personal health data can be processed when (i) the necessary permissions are taken by Health Ministry, (ii) complying with general provisions, (iii) under confidentiality obligation, if one of the following conditions is present:
-The explicit consent of the data subject
-Taking necessary precautions for the purpose of occupational and obey the obligations arising from the legislation,
-Public Health Protection
-Medical diagnosis, treatment and care services
-Planning and management of health care and financing
Processing of Personal Data Except for Health and Sexual Life
Processing of data within this scope is possible where the data owner’s explicit consent exists and in situations foreseen in law.
Processing of special categories of personal data under the GDPR
Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be allowed if one of the following applies:
- the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorized;
- processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
- processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
- processing relates to personal data which are manifestly made public by the data subject;
- processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;
- processing is necessary for reasons of substantial public interest, on the basis of law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
- processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph c;
- processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
- processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
Ensuring the Security and Privacy of Personal Data
Pursuant to Article 32 of the GDPR, our Company takes all necessary technical and administrative precautions to prevent the illegal processing of and illegal access to personal data and to ensure that personal data is protected at the proper level.
7.1. Technical precautions taken to ensure the legal processing of personal data and to prevent illegal access
The Company has taken all sort of technical and technological security precautions in order to protect your personal data and has protected your personal data against all possible risks.
Technical precautions are taken in accordance with the developments in technology, and the precautions are updated and renewed periodically. Software and hardware are available, which includes virus protection systems and firewalls. Employees have been informed that they may not disclose the personal data they have learned contrary to the provisions of the Law, that they may not use it for any purpose other than the processing purposes, and that this obligation continues even after they leave their job; the necessary commitments to this effect have been taken from the employees, and policies, in particular in the workplace, have been issued to the employees. In order to store personal data in a secure medium, systems in line with technological developments are used.
Administrative Precautions Taken To Ensure the Legal Processing Of Personal Data and To Prevent Unlawful Access
- Training and raising the awareness of the Company’s employees regarding the GDPR,
- When the personal data transfer is in question, to ensure that the person to whom the personal data is transferred and the agreements concluded, that the data from which the personal data is transferred will be added to the data security,
- Determining the requirements to be fulfilled in order to comply with the GDPR and preparing domestic policies for their executions,
- Using software and hardware that includes virus protection systems and firewalls to prevent unauthorized access.
7.2. Preventions to Be Taken In Case Of Illegal Disclosure of Personal Data
If the processed personal data is obtained by another person by illegal means despite the necessary security precautions, our Company will notify the data owner and the Board within 72 hours from the date of the announcement by means of the contact information held by the Company.
Purpose of the Processing of Personal Data and Preservation Period
8.1. Purposes of the Processing Personal Data
Personal Data which were found in our company; planning and execution of commercial activities, informing the authorized institutions and organizations originating from the law, getting technological services in areas which are not directly provided by us and not in our field of expertise, reaching financial agreement with our business partners and / or third parties regarding our products and services, execution/pursuit of financial reporting and risk management transactions / planning and execution of the necessary audit activities to ensure the conduct of the activities in accordance with the relevant procedures and the Company's procedures, the execution of the corporate sustainability activities, the execution of activities for the protection of the reputation of our company, and complaint management, planning and execution of corporate governance and communication activities, delivery of invoices, invoicing, sending commercial electronic messages in case of your consent, organizing campaigns within the scope of the loyalty card program and signing scores, resolving complaints about products, personalizing our advertising and marketing communications and being more relevant to you and improve, customize and measure the website and our services, measure the performance of marketing campaigns we perform through e-mail, analyze e-mail opening and click-through rates, monitor and improve the information security of the website, and improve our website in third-party websites limited to the law and the rules of honesty and to the purpose for which they are committed, shall be processed in accordance with the principles of retention for the time period required by the relevant legislation or for the purpose for which they are processed.
8.2. The Preservation Period of Personal Data
Our Company determines whether or not a period is stipulated in the relevant legislation for the preservation of personal data. If a period is foreseen in the relevant legislation, it shall comply with this period; if a period of time is not foreseen, it will retain the personal data for the time which is required for the purpose for which it was processed. If the purpose of the processing of personal data has expired and the relevant legislation and / or the retention periods set by our Company have been reached, they may be kept only for the purpose of providing evidence in the event of possible legal disputes, for claiming the right related to personal data or establishing the defense. Personal data is not stored by our Company based on the possibility of future use.
Demolishing, Destruction and Anonymization of Personal Data
According to the article 17 of the GDPR, although personal data are processed in accordance with the relevant legislation, if the reasons requiring processing are eliminated, personal data are deleted, destroyed or anonymized by the Company upon the request of the person or personal data owner.
The procedures and principles regarding this matter shall be fulfilled in accordance with the GDPR.
Our Company deletes, destroys or anonymizes personal data in the first periodic destruction following the date on which our obligation of deleting, destroying or anonymizing personal data arises.
Personal data will be deleted, destroyed or made anonymous within 3 (three) months of the date on which our obligation of deleting, destroying or anonymizing personal data arises.
The period of time for periodic destruction is six months.
When you contact our Company and request that your personal data be deleted or destroyed:
a) If all conditions for processing personal data have been removed, your personal data subject to the request will be deleted, destroyed or made anonymous. Your request will be finalized within thirty days at the latest and you will be notified.
b) If all the data processing conditions have been removed and the personal data subject to the request have been transferred to third parties, our Company notifies the third parties; it is ensured that the necessary transactions are carried out within the scope of the Regulation.
c) If the conditions of processing have not been removed, your claim may be rejected by explaining the justification pursuant to Article 6 of the GDPR and you will be notified in writing or electronically within thirty days at the latest.
9.1 Deletion and Destruction of Personal Data Techniques
Deletion of personal data is the process of making personal data inaccessible and non-reusable for the uses concerned.
Destruction of personal data is the process of making personal data inaccessible and non-reusable by anyone.
Example: physical destruction, secure deletion from software, secure deletion by an expert, etc.
Anonymization Techniques for Personal Data
It means rendering personal data by no means identified or identifiable with a natural person even by linking with other data.
Example: camouflage, data generation, using nickname, consolidation, data hash etc.
Third Parties whom Personal Data is transferred and Transfer Objectives
The procedures and principles to be applied in the transfer of personal data are regulated in article 8 and 9 of the Personal Data Protection Law and the personal data of the personal data owner and private personal data can be transferred to third parties at home and abroad.
For the performance of its services your personal data may be limited to the law and other legislation (including the Law on the Identification of Identity No. 1774, the Law on Consumer Protection No:6502, and other regulations regarding these infrastructure providers, trainers, third parties, travel agencies, e-archives, e-waybills and e-invoices. Legal entities providing archival services, server service received from abroad for our websites, insurance companies, banks/financing companies, collection of receivables, real- estate physician, real and legal persons with whom we have a Proxy relationship may be shared with our business partners. However, in any case, personal data cannot be transferred without the explicit consent of the personal data owner with the exception of the exceptions set out in the GDPR.
9.2 Domestic Data Transfer
Pursuant to the Articles 44 – 50 of the GDPR, the transfer of personal data domestically shall be possible provided that one of the conditions set out in section 6 of the “Conditions for the Processing of Personal Data” of this Policy is met.
9.3 Abroad Data Transfer
In accordance with Articles 44 – 50 of the GDPR, in case personal data are transferred abroad, the conditions for domestic transfers must be met and one of the following matters is required:
- sufficient protection is provided in the foreign country where the data is to be transferred,
- the controllers in Turkey and in the related foreign country guarantee a sufficient protection in writing and the Board has authorized such transfer, where sufficient protection is not provided.
9.4 Personal Data Transfer Groups by our Company
In accordance with Articles 44 – 50 of the GDPR, our Company may transfer the personal data holders within the scope of this Policy to the following groups of persons for the specified
Obligation of our Company to Inform
In accordance with Article 13 of the GDPR, our Company should inform personal data owners during the collection of personal data. In this context, our Company fulfils its obligation to inform the following subjects:
- the identity of the controller and of his representative, if any,
- the purpose of data processing;
- to whom and for what purposes the processed data may be transferred,
- the method and legal reason of collection of personal data,
- other rights referred to in the articles 12 – 23 of the GDPR.
The Rights of Data Owners and Usage of these Rights
In accordance with the articles 12 – 23 of the GDPR, the assessment of the rights of personal data owners and the necessary information to personal data owners are carried out through the Company Personal Data Application Form as well as this Policy. Personal data holders may submit their complaints or requests regarding the processing of their personal data to us within the framework of the principles specified in the relevant form.
11.1 Right of Application
Pursuant to the articles 12 – 23 of the GDPR, anyone whose personal data has been processed can apply to our Company and make requests regarding the following matters:
a) Learn from our Company whether or not personal data concerning him/her are being processed;
b) Request information as to processing if her/his data have been processed;
c) Learn the purpose of processing of the personal data and whether data are used in accordance with their purpose;
d) Know the third parties in the country or abroad to whom personal data have been transferred;
e) Request rectification in case personal data are processed incompletely or inaccurately; and request notification of the operations made to third parties to whom personal data have been transferred;
f) Request the deletion, destruction or anonymization of personal data in the event that the reasons that require processing of the personal data disappear; and request notification of the operations made to third parties to whom personal data have been transferred;
g) Object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems;
h) Request compensation for the damages in case the person incurs damages due to unlawful processing of personal data by applying to the data controller;
i) Receive the personal data concerning you, which you have provided to our Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from our Company to which the personal data have been provided.
11.2 Exceptions to the Right of Application
Pursuant to the article 23 of the GDPR, personal data owners will not be able to assert their rights if:
- personal data is processed by natural persons within the scope of purely personal activities of the data subject or of family members living together with him in the same dwelling provided that it is not to be disclosed to third parties and the obligations about data security is to be complied with.
- personal data is processed for the purpose of official statistics and for research, planning and statistical purposes after having been anonymized.
- personal data is processed with artistic, historical, literary or scientific purposes, or within the scope of freedom of expression provided that national defense, national security, public security, public order, economic security, right to privacy or personal rights are not violated or they are processed so as not to constitute a crime.
- personal data is processed within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations duly authorized and assigned to maintain national defense, national security, public security, public order or economic security.
- personal data is processed by judicial authorities or execution authorities with regard to investigation, prosecution, criminal proceedings or execution proceedings.
11.3. The Procedure of Response
Pursuant to Article 19 of the GDPR, our Company will finalize the application requests submitted by the personal data holder as soon as possible according to the nature of the request and within 30 (thirty) days at the latest. Pursuant to the article 19 of the GDPR, your application must be submitted to our Company in writing or by other methods to be determined by the Board.
The application of the personal data holder may be rejected in the following cases:
- Preventing other people's rights and freedoms
- Requires disproportionate effort
- Information being publicly available
- Endanger the privacy of others
- Existence of one of the cases that are not covered under the Personal Data Protection Law
Personal Data Processing Activities on the Company and Data Processing Activities on the Website
12.1. Incoming and Outgoing Visitors of the Company
Personal data processing is carried out to monitor the entrance and exit of our guests. While the name and surname information of the persons who come to our company is obtained, the data is processed only for this purpose and the relevant personal data is recorded in the recording system in the physical environment.
12.2. Visitors of the Website
In case the persons who make membership on the website or make purchases without membership, create an account on the website; name, surname, gender, date of birth, e-mail address; if he purchases from the website, his name, surname, e-mail, telephone number, address and credit card information; cookies are loaded into the electronic device through the browser used and the IP number, in addition to the above, is processed in order to planning and execution of commercial activities, informing the authorized institutions and organizations from the legislation, obtaining technological services in areas not directly provided by us and not in our field of expertise, obtaining financial agreement with our business partners and/or third parties regarding our products and services, execution of financial reporting and risk management transactions/planning and execution of the necessary audit activities to ensure the conduct of the activities in accordance with the procedures and the Company's procedures, planning and executing corporate sustainability activities, carrying out activities to protect the reputation of our company, managing demand and complaint processes, planning and executing corporate governance and communication activities, delivering the purchased product to you, issuing invoices, sending commercial electronic messages if you give consent, organizing campaigns and score points within the scope of the loyalty card program if you become a member of the loyalty card program, resolve complaints about products, personalize our advertising and marketing communications, and make them more relevant to you, customize, measure and improve our website and services, measure the performance of our marketing campaigns via e-mail, analyze e-mail opening and click-through rates, monitor and improve the information security of the website, enable you to see advertisements about our website and services on third party websites.
12.4. Personal Data Protection Office
In order to fulfil the obligations of the GDPR, the Company makes the necessary assignments and establishes procedures accordingly for the implementation of the issues specified in this Policy. The Office for the Protection of Personal Data was established by the Company to manage this Policy and the procedures attached to this Policy under the GDPR.
The office has duties such as distribution of duties necessary to increase internal awareness, monitoring of the audits to be performed, taking the necessary actions to solve the applications of the persons concerned, and conducting relations with the Board.
This Policy may be revised by the Company if deemed necessary. In case of revision, the most up-to-date version of the Policy will be posted on the Company's website.